> John Polyakov writes:
> > Hmmm, if you have PHYSICAL access to the machine, you can simply reboot and type
> > "linux init=/bin/sh" and after it simply cat /etc/shadow and run John The Ripper....
> > Am i wrong?
>
> You can password-protect LILO to prevent others from giving it their own
> boot options. Similarly you can password-protect single-user mode so
> either a deliberate shutdown-and-reboot to single-user mode, or an
> attempt to induce the machine to go into single-user mode, will prevent
> others from getting at the single-user root shell.
Yeah but then you can boot up the machine with a root disk and mount
whatever partition you want. If the machine doesn't have a floppy or
cd-rom you can always install one temporarily. Or if it's just data you're
after you can just steal the damn hard drive.
As I said earlier, if you have physical access to the system you have
root. The only way to prevent this is to lock the computer in a secure
room (ie: make sure you can't get in from the cieling or whatever) and
place a security guard at the door.
However after hearing some arguments I am now all for the idea
of encrypting swap for some set-ups. However, it should be optional
since not everyone needs it.
-- Garett SpencleyI encourage you to encrypt e-mail sent to me using PGP My public key is available on PGP key servers (http://keyservers.net) Key fingerprint: 8062 1A46 9719 C929 578C BB4E 7799 EC1A AB12 D3B9
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/